cvebase

Openfind Mailaudit vulnerabilities

5 known vulnerabilities affecting openfind/mailaudit.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2026-6350 | P2 | CRITICAL | CVSS 9.8 | ≥ 6.0, < 6.1.10.054; ≥ 5.0, < 5.2.10.099 | 2026-04-16
CWE-121: MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
Source: NVD

CVE-2020-12782 | P2 | CRITICAL | CVSS 9.8 | v5.0; ≤ 5.0 | 2020-06-23
CWE-77: Openfind MailGates contains a Command Injection flaw: when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files.
Source: NVD

CVE-2020-25849 | P3 | HIGH | CVSS 8.8 | v4.0; v5.0; +1 more | 2020-11-01
CWE-78: MailGates and MailAudit products contain a Command Injection flaw, which can be used to inject and execute system commands from the cgi parameter after attackers obtain the user’s access token.
Source: NVD

CVE-2026-6351 | P3 | HIGH | CVSS 7.5 | ≥ 6.0, < 6.1.10.054; ≥ 5.0, < 5.2.10.099 | 2026-04-16
CWE-93: MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files.
Source: NVD

CVE-2024-6739 | P4 | MEDIUM | CVSS 6.1 | fixed in 6.1.7.040 | ≥ all, < V6.0 6.1.7.040 | 2024-07-15
CWE-1004: The session cookie in MailGates and MailAudit from Openfind does not have the HttpOnly flag enabled, allowing remote attackers to potentially steal the session cookie via XSS.
Source: NVD